New wiper virus targets Iranian computers

Published time: December 18, 2012 02:20
Edited time: December 18, 2012 07:19
AFP Photo/Behrouz Mehri

Iran has been subjected to another attack by a virus capable of wiping the data on infected PCs. Antivirus experts suggest the virus has been active for at least two months and expect the next attack to take place during January 2013.

Iran's Maher Computer Emergency Response Team Coordination Center has issued a warning, cautioning that the new malware, despite the simplicity of its design and functionality, continuously erases data from hard disk drives and slips onto the PC without being detected by antivirus and anti-malware programs.

The Maher Center said the malware's installer, also known as the dropper, is called GrooveMonitor.exe. The name is believed to be a disguise, chosen for its association with a legitimate Microsoft Office 2007 document feature called Microsoft Office Groove.

Dubbed Batchwiper, the virus erases drive partitions with the letters D through I on the Windows operating system, in addition to files stored on the user’s desktop.

The newfound threat starts its destructive activity on certain dates, the next one being January 21, 2013. Experts from Symantec suggest that the virus has been active for the last two months, as dates going back to October 12 were discovered in the malware's configuration.

It is not yet apparent who is distributing the malware or how. However, security companies agree it could be using several ways of infiltration, ranging from email attachments and USB drives to some other malware already running on computers or an internal actor uploading it to network shares, AlienVault Labs manager Jaime Blasco told computerworld.com via email.

“There's no connection to any of the previous wiper-like attacks we've seen,” Roel Schouwenberg, a senior researcher at Kaspersky Lab, wrote in a blog. “We also don't have any reports of this malware from the wild.”

The revelation comes on the heels of “Flame”, an espionage malware reportedly designed by the US and Israel to spy on Iran.

In May this year it was announced that one of the world’s most powerful data-snatching viruses, targeting computers in Iran, Israel and other Middle Eastern countries, had been discovered by Russian experts. The worm had allegedly been used for years in what seems to be state-sponsored cyber espionage.

In June 2012 the New York Times reported that President Obama had ordered the cyber-attack on Iranian nuclear enrichment facilities.

Comments (12)

Archie1954 (unregistered) 20.12.2012 06:45

And guess what, the state that developed and let the virus loose on Iran will get it back in no time and complain bitterly that someone is attempting to sabotage their electronic communications. Gross hypocrisy comes in very handy in situations like this.

0


bass (unregistered) 18.12.2012 18:45

The Windows OS is used around the world, especially the pirated Windows XPs that are full of bugs. Given no OS is 100% safe from viruses, but using Linux is a huge step forward and makes it at least a hundred times harder to exploit. Even if an executable (rpm, .deb, etc.) penetrates a Linux system, it won't be able to achieve much unless the user becomes stupid.
The only practical way to damage a system, including Linux, is to hack it directly. So it is always a battle of hackers and firewalls. I bet that none of these viruses has done much damage to the Iranian computer systems with the exception of Stuxnet. Iranians are the masters of the game! You should watch the video Eric Schmidt CEO of Google on Iran.

+1


Sam's (unregistered) 18.12.2012 13:34

Eurasian (unregistered) wrote in #1
What a hypocrisy; if this happens in the west they will cry out loud the world over, but for Iran not a word of condemnation. And such attacks on Iran have become a routine practice by the CIA/Mossad/MI6. There is an old common proverb: Grave digger, how deeply digs, see no one except himself. In other words, whatever you put in your soup comes into your spoon.

0
